Awesome

Portfolio of audits and certificates

About me

Jakub Heba is a cybersecurity expert with almost eight years of experience in the industry. For three years associated with blockchain technology as a Smart Contract and Blockchain auditor. He has conducted over 80 audits of various protocols, mostly related to Decentralized Finances. He specializes in the security of contracts written in Rust, Golang and MOVE, in technologies such as CosmWasm, NEAR, Ink!, Substrate, Scrypto, MultiversX (Elrond), AssemblyScript (Massa) or Sui, as well as has a deep technical understanding of EVM and Solidity. He participated in assessments testing low-level aspects of blockchain technology, such as finality proof verifications, serialization libraries, rollups as well as implementations of bridges between many different ecosystems. He has experience in auditing Layer 1 Blockchains written in Rust, Golang and MOVE. Additionally, he has experience in testing offchain components such as wallets, infrastructures, oracles and Metamask Snaps. His experience covers also more niche languages, such as Pact, Noir and Rell. Before moving to Web3, he was a Lead Security Researcher and Penetration Tester managing a team of up to 10 engineers. He also specialized in low-level binary exploitation in both UNIX and Windows environments. Holder of OSCP, OSCE and Lead ISO27001 Auditor certificates.

CEO & Cofounder at Monethic. Currently, I'm also a Senior Blockchain Security Auditor at Oak Security, Sub7, Sayfer and Lead Smart Contract Security Auditor at Hacken.

For private audits or security consulting, please reach out to me on:

Twitter - @JakubHeba
LinkedIn - Jakub Heba

You can also request a quote on Monethic or Cantina.

Private & Solo Audits

Protocol	Type	Report
Uncharted - GangsterArena v3	Solidity, BLAST, Gaming	soon
Uncharted - Confidential	Solidity, BLAST, Gaming	soon
Uncharted - Confidential	Solidity, BLAST, Gaming	soon
Confidential - Confidential	Solidity, MetaMorpho ERC4626 Vaults	soon
Razor DEX - Decentralized Exchange contracts	MOVE, Aptos, Sui	📄 Report.pdf
Wolf Game - Cave Game, ERC721	Solidity, BLAST	📄 Report.pdf
Magic Beans - Magic Beans, OTC	Solana, Rust	📄 Report.pdf
Orderly Network - Asset Manager Smart Contract	Rust, NEAR	📄 Report.pdf
Cascadia Foundation - Liquidity Pools (Curve fork) Contracts	Solidity, Vyper	-
Holoride - Holoride Ethereum <> MultiversX bridge	Rust, MultiversX/Elrond	📄 Report.pdf

Audits in a team

Protocol	Type	Report
Jellyverse - Jellyverse Staking, Vesting, Governance, ERC20	Solidity, ERC20	📄 Report.pdf
Confidential - Confidential	Solidity, Gaming	soon
Glue Protocol - Substrate pallets/Parachain/Node	Substrate, Rust	📄 Report.pdf
5ire Chain - Substrate pallets/Parachain/Node	Substrate, Rust	📄 Report.pdf
Layer Zero - Layer Zero V2	Solana, Anchor, Rust	📄 Report.pdf
Mysten Labs - Sui - Adapter & Verifier	MOVE, L1, Sui	📄 Report.pdf
Volo Sui - VOLO Liquid Staking	MOVE, Sui	📄 Report.pdf
Satay Finance - Satay Aptos	MOVE, Aptos	📄 Report.pdf
Bifrost - Laverage Staking	Rust, Substrate	📄 Report.pdf
Starlay Finance - Starlay Protocol WASM	Rust, ink!	📄 Report.pdf
Ociswap - Scrypto AVL Tree Implementation	Rust, Scrypto, AVL Tree, Radix DLT	📄 Report.pdf
Ociswap - Scrypto Math	Rust, Scrypto, Radix DLT	📄 Report.pdf
Ociswap - Scrypto Precision Pool	Rust, Scrypto, Radix DLT	📄 Report.pdf
Ociswap - Scrypto Flex Pool	Rust, Scrypto, Radix DLT	📄 Report.pdf
Ociswap - Scrypto Oracle	Rust, Scrypto, Radix DLT	📄 Report.pdf
Hyperlane - cw-hyperlane	Rust, CosmWasm	📄 Report.pdf
Asteroid - Asteroid Bridge	CFT-20, Rust, CosmWasm	📄 Report.pdf
Astroport - Tokenfactory LP Tokens	Rust, CosmWasm	📄 Report.pdf
Stader Labs - SD Token Staking	Rust, CosmWasm	📄 Report.pdf
Astroport Concentrated Liq Pool - Injective Orderbook Integration	Rust, CosmWasm	📄 Report.pdf
Astroport - Astral Assembly contracts	Rust, CosmWasm	📄 Report.pdf
Astroport - Concentrated Liquidity Pool	Rust, CosmWasm	📄 Report.pdf
Astroport - Astroport on Osmosis	Rust, CosmWasm	📄 Report.pdf
Brokkr Protocol - Delta Neutral	Rust, CosmWasm	📄 Report.pdf
Brokkr Protocol - Long Term Bonding	Rust, CosmWasm	📄 Report.pdf
Gable Finance - Gable Liquidity Market, Staking	Rust, Scrypto, Radix DLT	📄 Report.pdf
Osmosis Labs - Osmosis Transmuter	Rust, CosmWasm	📄 Report.pdf
Stargaze - Reserve Auctions	Rust, CosmWasm	📄 Report.pdf
Stargaze - Infinity Pool	Rust, CosmWasm	📄 Report.pdf
Calculated Finance - Contracts	Rust, CosmWasm	📄 Report.pdf
Hadron Labs - Lido Satellite	Rust, CosmWasm	📄 Report.pdf
Snowfork - SSZ serialization library - Rust	Rust, library	📄 Report.pdf
Membrane - Contracts	Rust, CosmWasm	📄 Report.pdf
Coinhall - Genie	Rust, CosmWasm	📄 Report.pdf
Snowbridge - Ethereum <=> Polkadot bridge	Rust, Solidity, Polkadot, Ethereum	📄 Report.pdf
Snowbridge - Extension, Ethereum <=> Polkadot bridge	Rust, Solidity, Polkadot, Ethereum	📄 Report.pdf
Ixo World - IXO Swap	Rust, CosmWasm	📄 Report.pdf
Ninja Blaze - Ninja Blaze Double	Rust, CosmWasm	📄 Report.pdf
Osmosis Labs - Osmosis Transmuter v3	Rust, CosmWasm	📄 Report.pdf
Astroport - Astroport Hub Neutron Migration	Rust, CosmWasm	📄 Report.pdf
Yieldmos - Outpost Osmosis	Rust, CosmWasm	📄 Report.pdf

Certificates

Offensive Security Certified Expert (OSCE) - Offensive Security OSCE proof
Offensive Security Certified Professional (OSCP) - Offensive Security OSCP proof
Lead ISO27001 Auditor - Information Security Management Systems (ISMS) Auditor/Lead Auditor (BS ISO/IEC 27001:2013)

CVE-s

CVE-2019-10070 - Apache Atlas, Stored Cross Site Scripting
CVE-2020-6856 - JOC Cockpit, Jobscheduler, XML External Entity
CVE-2020-6854 - JOC Cockpit, Jobscheduler, Multiple Stored Cross Site Scripting
CVE-2020-6855 - JOC Cockpit, Jobscheduler, Denial of Service
CVE-2021-3584 - Foreman, Authenticated Remote Code Execution via Sendmail configuration